Colombian real estate agency leak reveals records of over 100,000 buyers
According to cybersecurity firm WizCase, more than a terabyte of data containing 5.5 million files was exposed, leaking the personal information of more than 100,000 clients of a Colombian real estate company.
The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, a company specializing in architecture, engineering, construction and real estate services. “There was no need for a password or login credentials to view this information, and the data was not encrypted,” the researchers said in an exclusive report shared with The Hacker News.
The data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket, resulting in the disclosure of sensitive information such as customer names, photos, and addresses. The details stored in the bucket range from invoices and income documents to quotes and account statements dating from 2014 to 2021. The complete list of information contained in the documents is as follows –
- Full names
- Phone numbers
- Email addresses
- Residential addresses
- Amounts paid for estates, and
- Asset values
Additionally, the bucket is also said to contain a database backup that includes additional information such as profile pictures, usernames, and hashed passwords. Disturbingly, the researchers said they also found malicious backdoor code in the bucket that could be exploited to gain persistent access to the website and redirect unsuspecting visitors to fraudulent pages.
It is not immediately clear if these files were used by bad actors in a campaign. Coninsa Ramon H did not respond to email inquiries from The Hacker News regarding the vulnerability.
“Based on viewing a sample of the documents, […] the misconfiguration revealed transactions of $140 billion to $200 billion, giving an annual transaction history of at least $46 billion,” the researchers said. “For perspective, that’s about 14% of Colombia’s total economy.”
The highly confidential nature of the data contained in the database makes it highly susceptible to being exploited by cyber criminals to mount phishing attacks and carry out various fraud or scam activities, including tricking users into making additional payments and, even worse, revealing more personally identifiable information by tampering with the backend infrastructure of the website.
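
The misconfiguration described above, a bucket readable without credentials and holding unencrypted data, can be checked for from a bucket's own settings. The following is an added example, not code from WizCase or the original report: it audits constructed sample settings shaped like the relevant parts of the S3 API responses, and the function name `audit_bucket`, the bucket name and all sample values are assumptions.

```python
# Added example: offline audit of one S3 bucket's settings. Inputs mirror the inner
# elements of the S3 GetPublicAccessBlock, GetBucketAcl, GetBucketPolicy (JSON already
# parsed) and GetBucketEncryption responses; all sample values are constructed.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
READ_ACTIONS = {"*", "s3:*", "s3:getobject", "s3:get*", "s3:listbucket", "s3:list*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} means any caller, signed in or not.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_bucket(pab, acl, policy, encryption):
    """Return findings: anonymous read paths and missing default encryption."""
    findings = []
    pab = pab or {}  # no PublicAccessBlock configured: every flag is off
    if not pab.get("IgnorePublicAcls", False):
        for grant in acl.get("Grants", []):
            if grant["Grantee"].get("URI") == ALL_USERS and grant["Permission"] in ("READ", "FULL_CONTROL"):
                findings.append("acl: AllUsers has " + grant["Permission"])
    if not pab.get("RestrictPublicBuckets", False):
        for stmt in _as_list((policy or {}).get("Statement", [])):
            actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
            # Simplification (assumption): any Condition is treated as a restriction.
            if (stmt.get("Effect") == "Allow" and _is_anonymous(stmt.get("Principal"))
                    and actions & READ_ACTIONS and not stmt.get("Condition")):
                findings.append("policy: anonymous Allow for " + ", ".join(sorted(actions & READ_ACTIONS)))
    rules = (encryption or {}).get("Rules", [])
    if not any("ApplyServerSideEncryptionByDefault" in r for r in rules):
        findings.append("encryption: no default server-side encryption rule")
    return findings

# Constructed samples: an open bucket and the settings that close it.
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"}]}
OPEN_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
LOCKED_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
SSE = {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}

if __name__ == "__main__":
    for line in audit_bucket(None, OPEN_ACL, OPEN_POLICY, None):
        print(line)
```

With all four public access block flags enabled and a default encryption rule present, the same ACL and policy produce no findings.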